Predefined user roles
network-admin
network-operator
Parameters
name role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters.
Usage guidelines
If no user role name is specified, the command displays information about all user roles, including the
predefined user roles.
Examples
# Display information about the user role 123.
<Sysname> display role name 123
Role: 123
Description: new role
VLAN policy: deny
Permitted VLANs: 1 to 5, 7 to 8
Interface policy: deny
Permitted interfaces: Ten-GigabitEthernet1/1/5 to Ten-GigabitEthernet1/1/7,
Vlan-interface1 to Vlan-interface20
VPN instance policy: deny
Permitted VPN instances: vpn, vpn1, vpn2
-------------------------------------------------------------------
Rule
-------------------------------------------------------------------
1
2
3
R:Read W:Write X:Execute
Table 4 Command output
Field
Role
Description
VLAN policy
Permitted VLANs
Interface policy
Perm
Type
Scope
permit RWX
feature-group abc
deny
-W-
feature
permit
command
Entity
ldap
system ; radius sc *
Description
User role name.
Predefined user role names include network-admin, network-operator,
level-n (where n represents an integer in the range of 0 to 15), and
security-audit.
User role description you have configured for easy identification.
VLAN policy of the user role:
•
deny—Denies access to any VLAN except permitted VLANs.
•
permit (default)—Default VLAN policy, which enables the user role
to access any VLAN.
VLANs accessible to the user role.
Interface policy of the user role:
•
deny—Denies access to any interface except permitted interfaces.
•
permit (default)—Default interface policy, which enables the user
role to access any interface.
41